30 matches found
[Diviner] OWASP Zed Attack Proxy Extension
Diviner is a unique platform that attempts to predict the structure of the server-side memory, source code and processes,by executing scenarios aimed to fingerprint behaviors that derive from specific lines of code, processes or memory allocations,by employing the use of a variety of coverage...
Ruby Random Number Values Information Disclosure Vulnerability
This host is installed with Ruby and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodrubyrandomnumbervaluesinfodiscvuln.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby Random Number Values Information Disclosure Vulnerability Authors: Sooraj KS Copyright:...
Ruby Random Number Values Information Disclosure Vulnerability (Jul 2011)
Ruby is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ruby-lang:ruby";...
Ruby Random Number Generation Local DoS Vulnerability (Jul 2011)
Ruby is prone to a local denial of service DoS vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ruby-lang:ruby";...
CVE-2011-2705
The SecureRandom.randombytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...
Design/Logic Flaw
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issu...
Ruby Random Number Generation Local Denial Of Service Vulnerability
The SecureRandom.randombytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...
CVE-2011-0755
Integer overflow in the mtrand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mtgetrandmax...
CVE-2008-5162
The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various...
wordpress -- remote privilege escalation
The Wordpress development team reports: With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another users password to a randomly generated password. The randomly generated password is not disclosed to the...